ApiGatewayV2 - HttpApi - Cannot use a custom domain

0

Hello,

  1. I can use auto-deploy on both the $default or custom "prod" stage to get a working link for my API.

E.g. The $default deploys to https://[ApiId].execute-api.eu-west-1.amazonaws.com

  2. I can add a custom domain (test.[domain].com) with a valid certificate, where I receive the "API Gateway domain name".

E.g. d-[RandomChars].execute-api.eu-west-1.amazonaws.com

  3. I add a Route53 Alias from my test.[domain].com to the above "API Gateway domain name".

test.[domain].com. A ALIAS d-[RandomChars].execute-api.eu-west-1.amazonaws.com

  4. I add the API mapping of the custom domain to "My Http Api" on stage "$default". I do not specify a path, as simply "/" is not supported.

  5. Neither https://d-[RandomChars].execute-api.eu-west-1.amazonaws.com nor my custom domain navigates to my API (ERR_CONNECTION_REFUSED). But https://[ApiId].execute-api.eu-west-1.amazonaws.com does.

What am I doing wrong? Is this a bug?

asked 4 years ago, 408 views
3 Answers
1

I fixed the problem,

These steps are correct, I was being foolish, Chrome was trying to access it with http, it of course requires https.

answered 4 years ago
0

Hey! I am wondering about your Step 2 -- the "with a valid certificate" part.

I added a custom domain, and get a "d-[RandomChars].execute-api.us-east-1.amazonaws.com" as well.

However, I noticed in this "Endpoint configuration" window that it does not show a "Certificate upload date" -- we have 2 other custom domains that do show a "Certificate upload date" just below the "Hosted zone ID" info, but they are "Edge" and mine is "Regional".

Does your custom domain "Endpoint configuration" show a certificate upload date?

I am searching fiendishly for why my custom domain remains "Forbidden"!!!

Edited by: warrenstephens on Nov 18, 2020 3:27 PM

answered 3 years ago
0

I found the problem, and it was not with that certificate stuff. Another "foolish" mistake actually.

The issue was actually within the authorizer lambda, which returns an APIGatewayCustomAuthorizerResponse (the name of the struct in Go) which contains a policy to permit the execute lambda to then run.

The authorizer lambda was able to pull the region ("us-east-1") from the host name when it was like "zzzyyxx123.execute-api.us-east-1.amazonaws.com", but when the custom domain request comes in the "host" value in the header does not have the region embedded -- so the policy it created and returned had garbage for the region part of the ARN, and so the execute lambda would not run, i.e. "Forbidden".

answered 3 years ago
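The authorizer mistake described in this answer, as an added Go example that is not the poster's code: the fragile host-based region lookup next to a version that takes the region, and the policy resource, from the method ARN API Gateway hands the authorizer, which carries the region whatever host name the client used. It assumes a REST/v1.0-style authorizer request with a method ARN; the plain functions and the constructed sample ARN stand in for the aws-lambda-go events types.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// regionFromHost is the fragile approach from the answer: it works only for
// the default <apiId>.execute-api.<region>.amazonaws.com host name.
func regionFromHost(host string) (string, error) {
	parts := strings.Split(host, ".")
	if len(parts) >= 4 && parts[1] == "execute-api" {
		return parts[2], nil
	}
	return "", errors.New("host carries no region (custom domain?)")
}

// regionFromMethodArn reads the region from the ARN API Gateway supplies:
// arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<method>/<path>.
// The ARN is the same whether the caller used the default host or a custom domain.
func regionFromMethodArn(methodArn string) (string, error) {
	parts := strings.SplitN(methodArn, ":", 6) // keep any ':' inside the path intact
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "execute-api" || parts[3] == "" {
		return "", fmt.Errorf("unexpected method ARN %q", methodArn)
	}
	return parts[3], nil
}

// AllowResource returns the Resource for the policy's Allow statement: the
// exact method ARN being invoked, so no part of it has to be guessed.
func AllowResource(methodArn string) (string, error) {
	if _, err := regionFromMethodArn(methodArn); err != nil {
		return "", err
	}
	return methodArn, nil
}

func main() {
	// Constructed sample: one route reached via the default host and via a custom domain.
	arn := "arn:aws:execute-api:us-east-1:123456789012:zzzyyxx123/$default/GET/orders"
	for _, host := range []string{"zzzyyxx123.execute-api.us-east-1.amazonaws.com", "test.example.com"} {
		r, err := regionFromHost(host)
		res, _ := AllowResource(arn)
		fmt.Printf("host=%s region-from-host=%q (err=%v)\n  allow resource=%s\n", host, r, err, res)
	}
}
```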
